Sep 29 2020
- last edited on
Dec 23 2021
I am trying to automate the closure of Sentinel Incident created via the API (no alert id related).
I have configured a logic app with an http event received task thats listen any API request from a webhook server, and then, close the incident.
But I got an error when it comes to change the incident status in the logic app:
Sep 29 2020 11:45 AM
@descof I wonder if there is something else going on. I just got an error adding a comment to an incident which I have done numerous times before. It was saying the subscription or the resource group was wrong but they are the exact same entries I have been using.
Sep 30 2020 12:27 AM - edited Sep 30 2020 01:28 AM
@Gary BusheyWe are also thinking about a problem while creating the incident via the API. We are looking if this is an internal issue or if we put the startTimeUtc, endtimeUtc in the wrong format..
edit: we tried to force the startTimeUtc, endtimeUtc but apparently Sentinel overwrite the values with its own. So we cant close a custom incident created with the api with logic app :(